package com.bsh.shiro;

import java.util.List;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cglib.beans.BeanCopier;

import com.bsh.mybatis.model.Admin;
import com.bsh.mybatis.model.Module;
import com.bsh.mybatis.model.Role;
import com.bsh.service.AdminService;
import com.bsh.service.ModuleService;
import com.bsh.service.RoleService;

/**
 * @author gsh
 * @since 0.0.1
 */
public class DBRealmPzb extends AuthorizingRealm {
	@Autowired
	AdminService adminService;
	@Autowired
	ModuleService mdService;
	@Autowired
	RoleService roleService;

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
		AdminPrincipal user = (AdminPrincipal) principal.getPrimaryPrincipal();
		Session session = SecurityUtils.getSubject().getSession();
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

		List<Role> rolelist = roleService.getAdminRoles(user.getId());
		StringBuilder sb = new StringBuilder();
		for (Role role : rolelist) {
			info.addRole(role.getId().toString());
			sb.append(role.getName() + ",");
		}
		String str = sb.toString();
		if (!StringUtils.isEmpty(str) && str.endsWith(","))
			str = str.substring(0, str.length() - 1);
		session.setAttribute("roles", str);

		List<Module> mdlist = mdService.getAdminModule(user.getId());
		for (Module module : mdlist) {
			info.addStringPermission(module.getId().toString());
		}

		return info;

	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
			throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		if (StringUtils.isEmpty(token.getUsername())) {
			throw new AccountException("The Username are not allowed.");
		}

		String password = new String((char[]) token.getCredentials());
		Admin dbUser = adminService.getLoginAdmin(token.getUsername(), password);
		if (dbUser == null) {
			throw new AuthenticationException("USER_NOT_EXISTS");

		} else if (dbUser.getIsEnable() != 1) {
			throw new AuthenticationException("USER_DISABLED");
		}

		BeanCopier copy = BeanCopier.create(Admin.class, AdminPrincipal.class, false);
		AdminPrincipal user = new AdminPrincipal();
		copy.copy(dbUser, user, null);

		token.setPassword(user.getPassword().toCharArray());
		SimpleAuthenticationInfo authenticationInfo = null;
		if (user != null) {
			authenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
		}

		return authenticationInfo;
	}

}
